[OTR-dev] OTR, keyservers, MITM, etc.
Donny Viszneki
donny.viszneki at gmail.com
Tue Aug 18 10:56:33 EDT 2009
On Sun, Aug 9, 2009 at 6:27 PM, Ian Goldberg<ian at cypherpunks.ca> wrote:
> The "use GPG keys for OTR" suggestion comes up pretty regularly. But
> most GPG keys don't have your IM username and network in a canonical
> format in them, so you'd have to manually associate the GPG key to the
> IM buddy anyway. Is that better than manually associating the OTR key?
> Is it better than using the Authenticate Buddy mechanism? Note that
> keyservers don't help you much if at all here.
"Manually associate?" We're talking about computers, here.
For reasons orthogonal to the greater discussion going on in this
thread, it would be nice to have greater interoperability with other
authentication mechanisms.
For all those reasons, then, for the OTR community to define some
document format whereby a PGP key can be used authenticate any kind of
statement of authenticity for OTR keys, that would be great.
With the definition in place, it would be easy for most OTR plugins to
associate a new program with that type of document. That program would
probably just show a dialog showing who/whatkey authenticates the OTR
key therein, and present an "Install" button that would fiddle with
whatever OTR plugin settings are necessary to implement the
verification (or anti-verification -- another feature OTR plugins
need) of the new user/key combo.
--
http://codebad.com/
More information about the OTR-dev
mailing list